Traffic Analysis Prevention - PowerPoint PPT Presentation

About This Presentation
Title:

Traffic Analysis Prevention

Description:

Traffic Analysis - an adversary who monitors or compromises parts of a system, ... Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, Vol. ... – PowerPoint PPT presentation

Number of Views:85
Avg rating:3.0/5.0
Slides: 14
Provided by: Con85
Learn more at: https://www.cise.ufl.edu
Category:

less

Transcript and Presenter's Notes

Title: Traffic Analysis Prevention


1
Traffic Analysis Prevention
  • Chris Conger
  • CIS6935 Cryptographic Protocols
  • 11/16/2004

2
Outline
  • What is Traffic Analysis Prevention (TAP)?
  • Problems, challenges with TAP
  • Analysis attacks, typical system vulnerabilities
  • Methods of TAP
  • Case Study NetCamo
  • Conclusion

3
Introduction to TAP
  • Traffic Analysis Prevention
  • Traffic Analysis - an adversary who monitors or
    compromises parts of a system, in order to match
    message senders with recipients FRAN00
  • Network Unobservability - Masking comm. patterns
    which emerge over time
  • Achieving network unobservability implies
    ineffective traffic analysis

4
Challenges for TAP
  • Loss of efficiency/performance from adding TAP
    mechanisms to a system
  • Number of possible senders/recipients bounded

5
Analysis Attacks, cont
  • Brute-force
  • Following every possible path a message might
    have taken
  • Typically results in a list of possible
    sender/recipient pairs
  • Node flushing
  • A mix node which sends out messages after
    receiving N messages
  • Attacker sends N-1 messages to a node, can then
    match his inputs with messages leaving the node
  • Encryption, authentication at each mix node
    combats node flushing
  • Can be mounted by active adversaries (able to
    manipulate network, as opposed to simply listen)
  • Timing attack
  • If routes taken by messages have different
    latencies, attacker may use arrival and departure
    times from a network to correlate the path taken

6
Analysis Attacks
  • Contextual attack
  • Looking at distinguishing features of traffic
    patterns, such as partners taking turns
    communicating, counting numbers of packets in
    arriving and departing messages, etc
  • DoS attack
  • Destroying some intermediate nodes will affect
    the behavior of some users but not others,
    revealing information about which users take
    which paths
  • Exploitation of user reactions
  • Intercept a message leaving a mix-node, and
    forward to many recipients
  • Users expecting to receive the message will
    behave differently than those not expecting the
    message
  • Many others

7
Methods of TAP
  • Mixing
  • Dummy messages
  • Routing

8
Methods of TAP Mixing
  • A packet travels from source to destination
    through several intermediate nodes (mix nodes)
  • User encrypts the message to be sent
  • Each mix node collects packets/messages, releases
    in some different (random) fashion
  • The longer a node can hold and collect messages,
    the better the security
  • Mixing helps to hide sender-recipient
    relationship by masking the route taken (any one
    node only knows the previous and next hop, not
    entire route)

9
Methods of TAP Dummy Msg.
  • Injecting dummy traffic/packets into the network
    (a.k.a. padding)
  • Dummy packets should not be distinguishable from
    real packets
  • Tradeoff
  • Dummy messages may reduce amount of time real
    packets are saved up in mixed nodes, if dummy
    messages are used in conjunction with a mixed
    network
  • Dummy messages obviously decrease overall network
    efficiency, increase network overhead

10
Methods of TAP Routing
  • Altering routes that packets travel to make
    traffic following difficult
  • Varying number of hops
  • Onion Routing
  • Each intermediate node only knows about previous
    and next node
  • As mentioned in mixing, encryption/decryption at
    each node alters messages appearance

11
Case Study NetCamo
  • Traffic analysis prevention system developed at
    Texas AM
  • Providing traffic security, at the same time as
    QoS guarantees!
  • Employs both rerouting and padding (dummy msg.)
  • Run by a central Network Controller, makes
    routing and padding decisions based on monitored
    network parameters
  • Scalability issues?

12
Conclusions
  • Traffic analysis attacks can be mounted from a
    variety of adversaries
  • Current methods of TAP reduce the ability of
    adversaries, but fool-proof prevention methods
    are undiscovered or impractical
  • TAP methods typically provide security at a
    relatively high cost of added overhead

13
References
  • FRAN00 Raymond, J.F., Traffic Analysis
    Protocols, Attacks, Design Issues and Open
    Problems, International Workshop on Designing
    Privacy-enhancing Technologies, 2001, pp. 10-29
  • FU03 Fu, X., Bettati, R., and Zhao, W.,
    Analytical and Empirical Analysis of
    Countermeasures to Traffic Analysis Attacks,
    Proceedings of the 32nd International Conference
    on Parallel Processing, October 2003
  • NEWM03 Newman, R., Moskowitz, I., and
    Syverson, P., Metrics for Traffic Analysis
    Prevention, Proceedings of the Workshop on
    Privacy-enhancing Technologies, March 2003
  • GUAN01 Guan, Y., Fu, X., Xian, D., Shenoy, P.,
    Bettati, R., and Zhao, W., NetCamo
    Camouflaging Network Traffic for QoS-Guaranteed
    Mission Critical Applications, IEEE
    Transactions on Systems, Man, and
    Cybernetics-Part A Systems and Humans, Vol. 31,
    No. 4, July 2001
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Traffic Analysis Prevention" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!